How to Prevent DDOS Attacks on Linux based Servers

This is a tutorial on How to Prevent DDOS Attacks on your Linux based Web Servers by using a simple Linux utility/Command IPTABLES .

DDOS Explained

DDoS or Distributed Daniel of Service Attack is a type of DOS attack where a number of compromised systems or Bots or Zombies , which are often infected with a Trojan or other Malware or Ratware , are used to target a single system causing a Denial of Services (DoS) attack.

The Catch here is that one can prevent a DOS attack by simply putting a rule that no more than (lets say) 5 connections are allowed per Host . But when the hosts have different IP’s and Different Demography , these simple rules wont help .

Please note that the below technique is not an Industry Standard , but is a trick one can use without any requirement of paid firewall or software .

How To Prevent DDOS Attacks

In this example we will be Limiting the number of SSH Connections to our SSH host. The same technique can/is also be done for other protocols such as HTTP , FTP etc. By using this simple utility that is shipped with all Linux Systems we can control the number of Client systems connecting to our Server . So the secret of Network Admins is out for the common now !!!

We can also call this a Firewall (in a way) configured using the IPTABLES utility.

The first this we need to do here is to Load a module called Connlimit

Load Module : xt_connlimitmodprobe xt_connlimit

Check if the module was loaded or not :

lsmod | grep connlimit
Incase you are configuring a Firewall/Webserver and want this module to load at the Startup :
Add #modprobe xt_connlimit in the file /etc/init.d/rc.d/ri.local

-I: Insert a rule in the Chain-p : The Protocol–syn : This means the rule is only applicable to the packets that are initiating the connection. The rule will not apply to any Data packet that is involved in data transfer .–dport : 22 for ssh , 80 or 8080 for HTTP or as you require
To View IPTABLES : iptables -L -n | less
To Save IPTABLES : service iptables save

That’s it guys! Why not show your gratitude by clicking one of our sponsors and help us grow!